can someone explain WHY UAC is so important?

http://forum.cakewalk.com/fb.ashx?m=2709089


http://forum.cakewalk.com/fb.ashx?m=2709597


http://en.wikipedia.org/wiki/User_Account_Control

No analogies there. If all that is too complicated. 

It's the malware stupid.

Of course you will have few problems if you keep it turned off all the time--unless you run into malware.

If you turn it on and off, you can have some serious problems in that software installed while it is off will not be virtualized (installed to safe locations) properly and will not work when it is turned back on. It is even possible that some software designed around UAC will not work correctly without it, but most software available now is not that picky.

If older software will not work under UAC, then we are back to the title of the thread. You can run that one piece of software as administrator i.e. granting it the privileges it is written to need, without opening your whole system to attack.

> can someone explain WHY UAC is so important?

See post #8 and #11.

hockeyjx


I have UAC off, and I have nothing with any names or passwords... nor is it on the internet.

No smoke or fire, because there is no oxygen :P

Bingo 

And you never use software or import music from other sources, or that has been on other people's PC's ;)
If that's true as well - bingo as well.

CakeAlexS


And you never use software or import music from other sources, or that has been on other people's PC's ;)
If that's true as well - bingo as well.

You see Alex, you are thinking too linearly. My system has been working for me as I said for years. My audio mixing computer and composition comp are on my local Network. My main comp for net access contains all of my security. Nothing goes to the other computers unless they pass through those measures first. Other sources, software, other people's PC files: no issue whatsoever as they never directly go straight to those systems. I don'have installation issues nor "evils" of any sort. It's a perfect working system in which I do not have to necessarily heed to any process, such as for example, UAC. 

Nope not thinking linearly, I'm thinking layers... you have chosen to remove a  layer of security... fair enough.. your choice. You could argue on the same basis that you don't need antivirus, and that you don't set up no passwords, firewall... how far do you wanna go?

BTW it's not just about where the data is situated, you are simply stating here that you have a first line of defense by using another PC.

So how did you configure your LAN and PC? Do you have a DMZ between your PC's via your LAN? I doubt it! and nor do I, I can freely access machines on my local LAN (although there is a firewall between all PC's). Note that malicious software won't necessarily be detected or executed until it is run, so do you run your song on a special install of cakewalk on your test PC  to see what happens first and then pass it to your DAW which also has cakewalk installed? Nope I don't do that either. Infected PDF's is a classic example - pass the file around and one day somebody will open the file somewhere if the antivirus has failed to detect. BTW I have no idea if Cakewalk files can take payloads or not, but as files can be archived I would say yes.

Sorry I don't buy the "it's been working for years" or "because I've tested it on another machine it's clean" argument (was valid 20 years ago maybe, when "sheepdip PCs" were widely used and malicious software was in its infancy), nope mostly you just downloaded it and didn't execute it until you found the right machine that runs the right software that will execute it. And if your antivirus hasn't detected anything malicious then a malicious process may run via the application you executed on and it may need admin permissions, which you will be none the wiser for without UAC.

In fact if you want your machine to be entirely safe why not switch it off permanently ! :).
(nb all my machines have internet, I use a decent software and hardware firewall, I have no issues either. But I do know one day I might. Security is never perfect whatever your scenario).

CakeAlexS


Nope not thinking linearly, I'm thinking layers... you have chosen to remove a  layer of security... fair enough.. your choice. You could argue on the same basis that you don't need antivirus, and that you don't set up no passwords, firewall... how far do you wanna go?

BTW it's not just about where the data is situated, you are simply stating here that you have a first line of defense by using another PC.

So how did you configure your LAN and PC? Do you have a DMZ between your PC's via your LAN? I doubt it! and nor do I, I can freely access machines on my local LAN (although there is a firewall between all PC's). Note that malicious software won't necessarily be detected or executed until it is run, so do you run your song on a special install of cakewalk on your test PC  to see what happens first and then pass it to your DAW which also has cakewalk installed? Nope I don't do that either. Infected PDF's is a classic example - pass the file around and one day somebody will open the file somewhere if the antivirus has failed to detect. BTW I have no idea if Cakewalk files can take payloads or not, but as files can be archived I would say yes.

Sorry I don't buy the "because I've tested it on another machine it's clean" argument (was valid 20 years ago maybe, when "sheepdip PCs" were widely used and malicious software was in its infancy), nope mostly you just downloaded it and didn't execute it until you found the right machine that runs the right software that will execute it. And if your antivirus hasn't detected anything malicious then a malicious process may run via the application you executed on and it may need admin permissions, which you will be none the wiser for without UAC.

In fact if you want your machine to be entirely safe why not switch it off permanently ! :).
(nb all my machines have internet, I have no issues either).

Actually, to make this easy, the answers to your questions are in fact "yes". 
I have a "sandbox" environment. Executibles, dll's, you name it are all checked first. Nothing gets by until they are checked thoroughly
Portable programs help me with monthly maintenance on the other systems. Even at that, nothing has ever infected them to this day as system behavior and these checks also tell me that. The needing an entirely safe computer argument is a strawman. I never insisted I needed such safety! I don't because the safety is well intact already. Experience tells me that, you can't otherwise insist there is a problem because you think the fix is needed. 

Sounds like you know what you're doing Bob if you are sandboxing, but not everybody will do that.

I do scan files when I copy them over. I don't install stuff I don't know. And the machine isn't connected to ANYTHING.

I have an original image I took before I installed anything else and then incrementals after.

Every other machine that I own has heavy duty security. Flash drives are scanned by the source machines.


Missing where I have to worry. But if your machine is connected, or you are not an advanced user... there is nothing wrong with using precaution and more caution.